Question : Error: you have not chosen to trust "Equifax secure global ebusines ca-1", the issuer of the server's security certificate

Users are getting this SSL/TLS error after authenticating through the Web Interface for Metaframe Presentation Server:
you have not chosen to trust "Equifax secure global ebusines ca-1", the issuer of the server's security certificate

This issue deals specifically with the Java client for remote users. We do not want to use the ICA client but rather only java. Incidently, the ica client works and does not give the error only when using java.

Background:
We are using 2 servers: One in the DMZ and one within our LAN.

DMZ server:
Uses Citrix Secure Gateway and IIS 6 server
Server 2003

Citrix server:
This server is within our LAN running the applications such as Outlook, etc.
Server 2000

Our server certificate expired recently and we acquired the most powerful certificate we could get from RapidSSL / Equifax which is also Geotrust.

USER STEPS:
1) Authenticate through firewall
2) Login to metaframe
3) Click on Outlook for example
4) Get this message below:
http://infosecurity.wvu.edu/images/secure-site.JPG

(An option to trust the certificate)

Instead they the Users get the message:
SSL/TLS error
you have not chosen to trust "Equifax secure global ebusines ca-1", the issuer of the server's security certificate

They never get the chance to trust or not to trust.

Your consideration is greatly appreciated.
-Joey

Answer : Error: you have not chosen to trust "Equifax secure global ebusines ca-1", the issuer of the server's security certificate

You may have the right certificate in place, but a parent certificate may be missing. One way to correct this is for the client/browser side to import the trusted root cert for the CA that signed the server certificate. However, that means that every remote computer that will access your server will need to do the import -- not convenient. That's what we started out doing when our Thawte certificate was giving our users similar errors. However, we were able to download a root certificate from Thawte and install that once on the IIS server and it resolved the errors for all clients.

I can't find the specific article that gave me the details (I think it was a MSFT article), but the basics were that I needed to get that Thawte certificate, run the Certificates snap-in in MMC on the IIS box, and import the certificate to the Trusted Root Certification Authorities section.

I think you can get the Equifax root certificate from here, but check with whoever issued you your server certificate:
http://www.geotrust.com/resources/root_certificates/index.asp

Random Solutions

SQL 2005 resource group fails over unexpectedly in MS Cluster

To covert an access report with pictures to any editable document format retaining all the graphics and other formatting settings

Unresolved external symbol error

shell script connect to the database and printing the results

How to stop Outlook from Archiving

Location of the Win98 SE usb drivers

Active Sync support code 86000108

Page Not Found - Hotmail IE 6 SP1

Crystal Reports XI - Isnull Formula

How to disable reading pane and auto preview in Outlook 2003